[Openswan Users] Blocking an ipsec using X509 DN
Diego Woitasen
diegows at gmail.com
Tue Oct 10 19:30:17 EDT 2006
Hi,
I have a VPN concentrator with Openswan with Openswan peers using
X509 authentication. I need to block some peers for some time using the
Distinguished Name, but I don't know how. Using CRL is not an option
because the block must be temporary.
I'm trying with this but the peers continue passing traffic anyway:
conn blocked668
    type=reject
    left=172.17.0.60
    rightsubnet=10.22.160.0/24
    right=%any
    rightid="C=AR, ST=BUENOS AIRES, L=Ciudad Autonoma de Buenos Aires, O=Example Inc., OU=Comunicaciones, CN=peer668.example.com, SN=3"
    auto=add
Any idea?
Thanks,
--
-------------------
Diego Woitasen
-------------------